Connect your target LDAP system

Last modified 21 Oct 2025 14:28 +02:00
Table of Contents

The steps you’re to take to connect the target system are similar to what you did with the HR source system.

Use the guide on connecting a resource to midPoint to help you with the configuration.

If you use the MID-301 First Steps Training Docker images, you can create the LDAP resource as a copy of the template that is prepared there. Alternatively, you can configure the resource from scratch, i.e., without using the template. If you use your own LDAP or Active Directory server and are unsure how to fill in the connection details in midPoint, ask your server admins for help.

The MID-301 training uses an LDAP server as an Active Directory server simulation.

  1. Create a resource from scratch.

    • Use Copy From Template if you wish to use the template in MID-301 container.

  2. Use the LDAP connector.

  3. Name the resource descriptively, such as LDAP with users.

  4. Configure connection to the LDAP server.

    • The connector configuration is more complex. If you’re unsure, your LDAP server admins can help you fill in the right values. The LDAP resource examples may also help.

  5. Create the resource in the Proposed lifecycle state.

The LDAP connection details for the MID-301 training Docker images:

  • Host: ad

  • Port: 389

  • Bind DN: cn=idm,ou=Administrators,dc=example,dc=com

  • Bind password: secret

  • The rest of the required settings is pre-configured in the template

Configure the LDAP resource object type

Similarly to the HR system, the LDAP needs a resource object type for the accounts stored on it as well.

Both object types are preconfigured in the MID-301 training LDAP template.

Use this guide for instructions on object type configuration.

  1. Name the object type NormalAccount, for example.

  2. Make the object type of the Account kind, default (or empty) intent, and with the Default attribute set to True.

  3. Set object class to inetOrgPerson.

  4. On the data specification screen, set Type to User and leave the Archetype empty.

Since there are also groups on LDAP servers, you need an object type for them as well.

  1. Name the object type AD Group, for example.

  2. Make the object type of the Entitlement kind, adGroup intent, and with the Default attribute set to True.

    • You can name the intent as fits your needs.

  3. Set object class to groupOfNames.

  4. On the data specification screen, leave Type and Archetype Undefined and empty.

After you save your object type, you can preview the resource data to see what you’re getting from the resource.

Was this page helpful?
YES NO
Thanks for your feedback